You may have read my post on set­ting up the Rasp­ber­ry Pi to access the desk­top remote­ly. I got most of that accom­plished with a bit of deter­mi­na­tion and some help from the good peo­ple of Red­dit /RaspberryPi. Once I’d sent red­dit my post, u/newdles and u/wittless both made some real­ly good sug­ges­tions about using an SSH Tun­nel to route traf­fic from the brows­er on my cur­rent com­put­er to the Ras­ber­ry Pi. This elim­i­nates the need for any remote desk­top soft­ware like VNC which is inher­ent­ly inse­cure because the data it sends isn’t encrypt­ed.

SSH (Secure SHell) is a much bet­ter option than my orig­i­nal plan for a few rea­sons. First as the name implies, it’s rel­a­tive­ly secure. The web traf­fic is encrypt­ed while it’s trav­el­ling back and forth between my lap­top and the Rasp­ber­ry Pi. For the time being, short of the NSA, most peo­ple won’t have access to the traf­fic stream.

Sec­ond, it’s far faster than VNC. Because VNC has to send graph­ics data between two com­put­ers it tends to be pret­ty slow and finicky when you’re try­ing to move about the desk­top, open files and appli­ca­tions, and manip­u­late set­tings. It’s always been like this and even with sig­nif­i­cant­ly high­er inter­net speeds, it hasn’t dras­ti­cal­ly improved in the 15 years I’ve used it.

I found a great walk through from Hey Stephen Wood on SSH Tun­nelling on the Mac, and since I was already set up for SSH ter­mi­nal access, it was real­ly just the proxy con­fig­u­ra­tion I need­ed. The only thing dif­fer­ent in my own set­up was that I’d changed my default port from 22 to (some­thing else) on the advice of u/witless on that red­dit thread.

Stephen sug­gests using this to con­nect to your Pi:

$ ssh -D 8888 username@yourwebserver.com -vv

But when the default port has been changed, this is actu­al­ly what you’ll need to do.

$ ssh -D 8888 -p [YourNewPortNumber] username@yourwebserver.com -vv

I got a bit con­fused by his 8888, and tried to jam my port num­ber in there unsuc­cess­ful­ly. The -D 8888 spec­i­fies a port on the local com­put­er where that tun­nel can tran­sit through. Obvi­ous­ly my non-default port need­ed to be spec­i­fied sep­a­rate­ly. :)

Atten­tion: If you’re the type that gets hives think­ing about tech­nol­o­gy, this post isn’t for you (and please don’t feel bad for just com­plete­ly skip­ping it!)

I’ve final­ly man­aged to get myself a Rasp­ber­ry Pi from the won­der­ful peo­ple at Solar­botics. As a tech­ni­cal guy, I’ve long strug­gled with try­ing to get Unix com­put­ers up and run­ning.. I’ve always found the Unix doc­u­men­ta­tion and tuto­ri­als tough to get through, pri­mar­i­ly because they tend to make a lot of assump­tions about what the read­er might know. (A lot!) Usu­al­ly I find this leads me in cir­cles and spi­rals try­ing to sort out a prob­lem relat­ed to some minor ver­sion change, or dif­fer­ence in con­fig­u­ra­tion. Also, I think I’m pret­ty much checked out of dig­ging through obscure tech­ni­cal doc­u­men­ta­tion. Thank­ful­ly, because of this new class of hard­ware, there is a new class of writer build­ing doc­u­men­ta­tion now, and we have peo­ple like the Rasp­ber­ry Pi founders, and count­less oth­er mak­ers to thank for that.

So, now that I’ve got a spe­cif­ic need to be addressed, I’m going to give this a shot.

The fol­low­ing are some of the tuto­ri­als and instruc­tions that’ve helped me solve the prob­lems I’ve encoun­tered in the con­fig­u­ra­tion. The post is main­ly a repos­i­to­ry for my own use (any name-call­ing is aimed sole­ly toward me, myself, and I), but I’ll keep it post­ed here to help oth­ers who may have the same issues. Because this isn’t a tuto­r­i­al or even a ful­ly fleshed out arti­cle, it’s pos­si­ble that I haven’t ful­ly explained some­thing that you’re strug­gling with. I may have cho­sen not to because it’s part of my own knowl­edge, but I rec­og­nize that it may not be part of yours. Please give me a shout or drop me an email if you’d like more clar­i­ty about what I’ve writ­ten. Hope this helps!

First things first..

Purpose:

I want­ed a lit­tle tiny com­put­er to tuck in to a cor­ner and that could be remote con­trolled from else­where on the inter­net, main­ly for web brows­ing. Because this will be liv­ing at a bor­rowed off­site loca­tion, I didn’t want to take up a lot of space with an old lap­top or some­thing more intru­sive. The Pi is a good choice because it’s itty bit­ty, and will eas­i­ly tuck in to a cor­ner with a wire­less router, and won’t con­sume a shed load of elec­tric­i­ty either..

RaspberryPi2 — an itty bit­ty com­put­er (With an SD card for scale)

So, there are two spe­cif­ic tech­ni­cal chal­lenges that need to be addressed:

How do I get access to the desk­top of the com­put­er remote­ly?

How do I con­nect to the com­put­er when its IP Address may change at ran­dom?

The solu­tions are pret­ty straight for­ward in the­o­ry, but a lit­tle more com­pli­cat­ed to put in to prac­tice but I’ll be using the fol­low­ing to reach my goal…:

Vir­tu­al Net­work Com­put­ing (VNC) which I’ve been using for count­less years to con­nect to my old win­dows machines

Dynam­ic DNS, a way of let­ting the com­put­er update its own inter­net address so that I can always find it..

Implementation:

I’m using the NOOBS dis­tri­b­u­tion of Rasp­ber­ry Pi. It came pre­in­stalled on the Rasp­ber­ry Pi 2 Bun­dle I got from Solar­botics. While set­ting up, I man­aged to change the pass­word and fig­ured I messed up because on my first reboot, I couldn’t log in.. Crap.

For the record, the default user­name is Pi (not Rasp­ber­ry as I was think­ing..)

Don’t Pan­ic. Dou­glas Adams taught us this, and I’d for­got­ten the rule. Rather than think­ing through the prob­lem, my first reac­tion was for­mat, rein­stall.

When you for­mat the SD card through disk util­i­ties on a mac, you have to unmount each of the mount­ed par­ti­tions on the disk.

Right click the disk to reveal the unmount option. This is nec­es­sary to do for par­ti­tions of a larg­er disk when you want to save an image..

Rasp­ber­ry Pi NOOBS requires a FAT for­mat­ted disk to run. This infor­ma­tion is a bit scarce on the inter­nets.

The above linked NOOBS dis­tro is a lit­tle larg­er than the Solar­botics sup­plied ver­sion. Not sure how, but it includes a few more options to install. Not nec­es­sary for a noo­bie, but may be use­ful if you want to play and explore with your new device.

Make sure you choose the right Key­board and region when NOOBS is installing your OS. Chang­ing the key­board lat­er is con­vo­lut­ed and frus­trat­ing. As is inad­ver­tent­ly typ­ing the £ sym­bol instead of the # I was expect­ing..

Display problems

I had a cou­ple of issues with my dis­play, one that was rel­a­tive­ly straight for­ward, and the sec­ond that was a lit­tle more befud­dling.

After muck­ing around with some VNC set­tings, some­how I man­aged to reduce the max­i­mum res­o­lu­tion of the Pi so that there was black bor­der of unused pix­els sur­round­ing the dis­play area. <sigh>

Extra Pix­els around the Rasp­bian Lin­ux inter­face

Rein­stalled OS again after fail­ing google-fu and not find­ing a solu­tion.

Prob­lem per­sist­ed with new OS install, so some­how I man­aged to change some­thing on the Pi Con­fig­u­ra­tion itself..

One thing the tuto­r­i­al doesn’t men­tion is that the Over­scan set­tings in step 4 exist in TWO places in the con­fig file. The ones at the bot­tom were what fixed my prob­lem in the end. I only learned this after sev­er­al reboots and some head scratch­ing

Also, the Pi Con­fig file is called /boot/config.txt

And, I far pre­fer using Nano to VI for edit­ing..

Backup, backup, backup..

Okay, I’ve start­ed from scratch enough times, I’d like to back­up the 4Gb SD card and cre­ate some check­points when I install new soft­ware or make changes.

Unfor­tu­nate­ly it wasn’t as easy as just mak­ing an image in Disk Util­i­ty on the Mac with­out first Unmount­ing the boot and recov­ery par­ti­tions. Once you do though, you can click the SD card, and choose New Image from the icons at the top of the Disk Util­i­ty screen..

Install VNC on Raspberry Pi

There are loads of tuto­ri­als on this step, so I won’t record a com­plete step by step, but I find I always encounter issues beyond the pro­vid­ed tuto­ri­als, so I’ll record any addi­tion­al issues I encounter.

(It should be not­ed that Adafruit has been mak­ing a huge con­tri­bu­tion to the mak­er move­ment since they start­ed out. they’re rep­utable, and well worth explor­ing if you’re at all smit­ten with build­ing elec­tron­ics)

Lessons:

To SSH from anoth­er unix machine (like a Mac), you’ll need to pro­vide the appro­pri­ate user to con­nect use ssh pi@192.168.9.9 or what­ev­er your address is to login as user pi

Start­ing VNC is as sim­ple as using vnc­serv­er :1 This starts the serv­er, and allows you to cre­ate dif­fer­ent ses­sions by incre­ment­ing the :[num­ber]. As you’ll see below, this is lim­it­ed by your router con­fig­u­ra­tion..

There are a few dif­fer­ent ways to con­nect to the Pi from anoth­er com­put­er. I chose to use RealVNC view­er and just con­nect. You can use Mac Screen Shar­ing, but at the moment I don’t mind hav­ing anoth­er soft­ware pack­age do the work..

There were a cou­ple of things con­spic­u­ous­ly miss­ing from the first tuto­r­i­al..

When con­nect­ing to the vnc serv­er with the view­er, use the for­mat [IP address]:[Session Num­ber]. In the case of the adafruit tuto­r­i­al, we cre­ate ses­sion num­ber 1, so when I con­nect to my pi it’s address 192.168.9.9:1 that I use to con­nect.

Annd Suc­cess!

Rasp­ber­ry Pi by VNC!

Now to change the default res­o­lu­tion on my VNC win­dow to match my lap­top res­o­lu­tion 1680×1050.

The first tuto­r­i­al sets up a script to auto­mat­i­cal­ly start the VNC ser­vice when you boot your Pi. If this is desir­able, it’d be worth try­ing out. After a bit of thought though, I’d rather not have a whole pile of access meth­ods hang­ing off my machine while it’s just sit­ting on the inter­nets. So for now I think I’ll just start it using SSH (as is shown in tuto­r­i­al 2) with the sim­ple com­mand vnc­serv­er :1. It’s pret­ty easy and gives me the option of run­ning it or not regard­less of who is mon­i­tor­ing it on the home side.

Dynamic DNS — Letting the computer tell you where it lives..

So, I’ve looked a cou­ple of options for dynam­ic DNS ser­vices.

DynDNS.org was what I used decades ago, but they’ve since gone to a pay mod­el.. This appli­ca­tion isn’t so mis­sion crit­i­cal that this is nec­es­sary

Looked at NO-IP but I wasn’t quite able to make things work cor­rect­ly at first try.. The ser­vice is actu­al­ly pret­ty good but I end­ed up look­ing at..

If you haven’t had a chance to explore Red­dit, I would high­ly rec­om­mend it. There are a tonne of sub­red­dits that you could while away a life­time with, but when you’re try­ing to accom­plish some­thing spe­cif­ic or have unique inter­ests like the Rasp­ber­ry Pi there is sure­ly a com­mu­ni­ty of oth­er inspired users that are always will­ing to help..

Lessons:

Authen­ti­ca­tion through Per­sona, a Mozil­la ini­tia­tive, will fail on the Pi’s Epiphany web brows­er

Red­dit Authen­ti­ca­tion works great though!

DuckDNS instruc­tions aren’t read­i­ly avail­able when you’re not logged in. This makes it tough to research what steps you might have to per­form before you com­mit to log­ging in, but it’s not real­ly too intru­sive.

To get install instruc­tions for your plat­form, and once you’re logged in, choose the plat­form option (“Oper­at­ing sys­tem” in this case), then chose the drop-down menu item for the domain you want to con­fig­ure.

If you get to the point where you down­load the Lin­ux GUI ver­sion, make sure you move it to the home fold­er on your Pi (that’s the Pi fold­er by default). Fol­low­ing the instruc­tions while it’s in the down­loads fold­er will fail your con­fig!

I wasn’t able to get the GUI ver­sion to launch through the CHMOD line, but I could nav­i­gate to it with the file brows­er in the GUI and dou­ble-click, then choose exe­cute.

Your Token is list­ed in the set­up instruc­tions, sand­wiched between too screen shots look close­ly to find it, you may

I get the [Error] Duck DNS did not update cor­rect­ly when I com­plete the con­fig­u­ra­tion. You also get an error when your IP address hasn’t changed so I’m hop­ing this may be the same issue as the machine has already been reg­is­tered with the cur­rent IP.

Also, I’ve changed my default CRON updat­ing to 720 min­utes (12 hours) because IP address­es on home inter­net pack­ages don’t update all that often. If I’m locked out for a half day, this won’t kill me. (I used the CRON instruc­tions on the DuckDNS web­site to learn that crontab -e will let me edit this)

To this point I’ve been using inter­net shar­ing from my lap­top because the router is in a bed­room and I didn’t want to sit on a bed to con­fig­ure this all. Now it’s time to try this out prop­er­ly and I’ll have to move it and see if I can get all this work­ing remote­ly.

On the “let’s test the script” step I get the error: Warn­ing: Failed to cre­ate the file /root/duckdns/duck.log: No such file or Warn­ing: direc­to­ry. The file is legit­i­mate­ly not there (because I didn’t fol­low instruc­tions from the start), so I just cre­at­ed a blank text file at /root/duckdns and called it duck.log (I also cre­at­ed the duckdns direc­to­ry)…

Make sure you choose your domain from the drop­down box at the bot­tom of the page. This will gen­er­ate all the instruc­tions for you.

Router Configuration

In order for a dynam­ic DNS address to work, port for­ward­ing is required to make sure that the inter­net router and/or modem send inter­net traf­fic to the right device. It picks up the pub­lic ip address of your modem and this just directs stuff from the router to the Pi..

If you start your VNC Serv­er with some­thing like vnc­serv­er :1, (as sug­gest­ed by the Adafruit instruc­tions) the serv­er will use port 5901 for your con­nec­tion, vnc­serv­er :2 will use 5902 and so on. So unless you use vncserver:0 and it actu­al­ly works (I haven’t tried) the above rules will prove insuf­fi­cient, so in prac­tice, this is actu­al­ly what I’ve set on my own router to ensure that it’ll take con­nec­tions from 1 to 5..

This is what I end­ed up using for port set­tings:

Appli­ca­tion

Start
Port

End
Port

Pro­to­col

TightVNC

5900

5905

TCP

TightVNC

5800

5805

TCP

SSH

22

22

TCP

I should read the error mes­sages more thor­ough­ly, as they would have eas­i­ly pro­vid­ed the solu­tion.

VNC Error show­ing which port it actu­al­ly con­nects to

Conclusion..

So, this has tak­en me the bet­ter part of 7 hours to muck around with and set up (with the odd inter­rup­tion for this and that).. It seems like an inor­di­nate amount of time, but bear in mind I’m learn­ing all about lin­ux and work­ing with the new hard­ware, and a com­plete­ly new flavour of Unix at the same time.

This is actu­al­ly a pret­ty straight for­ward and a great learn­ing expe­ri­ence. With this expe­ri­ence now, I’m pret­ty con­fi­dent the exer­cise wouldn’t take more than an hour of manip­u­la­tion time to set up (not count­ing com­put­er time for installing the OS and such)

Hope­ful­ly this will be help­ful for those of you who’re going through your own set­up process, and save you a bit of time your­self! And seri­ous­ly, try to fig­ure things out, but if you’re real­ly stuck and google lets you down, drop me a note and let’s see if we can work out the prob­lem togeth­er!